Job Responsibilities:
· You will plan, support, implement, and design a directory synchronization system for Microsoft Active Directory and Windows-based systems across the enterprise, including directory and identity management solutions as Bravura Security suite or Beyond Trust.
· You will also manage the Implementation of Business-driven changes, Configuration of Group Policies, and Integration of AD Management tools/services.
· Independently manage and perform engineering lead role for large scale Active Directory and Identity Management projects.
· Analysis, design, capacity planning and implementation of Active Directory Security.
· You will monitor and enhance secure Active Directory architecture standards (Semperis DSP, PingCastle, BloodHound, ForestDruid).
· Actively lead the creation and updating of standards and reference architectures. These reference architectures will provide direction and guidance on proper compliance with defined corporate standards while ensuring deploying secure infrastructure solutions.
· You will be responsible for leading Active Directory infrastructure risk assessments/audits, making decisions on threat modeling and proper security service design and implementation.
· Communicate and collaborate with cross-functional peers outside of Center of Excellence, including Second-line Risk and Enterprise Risk Management (SOC).
· Participate in the development of the security roadmap and technology security vision.
· You will also act as an advocate for Active Directory security and lead efforts to promote security awareness at all levels of the organizations.

Required Qualifications & Experience:
· You will possess a bachelor’s degree in information technology, computer science or closely associated field with at least 7 years of experience in a globally operating company.
· You will have a strong understanding of Active Directory Attributes, LDAP Queries, PowerShell Scripting to Modify AD Attributes, Group Policy Analysis, Group Policy Object (GPO) Configuration & Item-Level Targeting, Workstation Configurations, Browser Configuration Settings, familiarity with Applications that integrated with Active Directory.
· You must have working knowledge of GPOs, AD Sites, Replication Topology, and native AD troubleshooting tools as Microsoft System Center Operations Manager.
· Thorough functional understanding and ability to configure Active Directory Server Roles (CAs, IIS, File, DNS, DFS-R).
· You will have strong knowledge of permissions that are granted natively to various Microsoft Built-In Groups to perform Active Directory Administrative Functions, knowledge of native permissions granted when building AD objects, knowledge of permissions granted natively to Built-In Groups via GPOs and/or Local Policies.
· Active Directory Disaster Recovery (Semperis ADFR) experience.
· You must have expert level knowledge about Active Directory, Identity and User access management.
· Advanced Windows and Linux operating systems knowledge.
· You will also have advanced knowledge in Hypervisor technology as VMWare ESXi and Microsoft Hyper-V.
· Understanding of ICS (Industrial Control Systems) is required.
· Experience with integration of applications with Active Directory via LDAP(S), NTLMv2, Kerberos, RADIUS, MFA for authentication and authorization.
· At least 5 years of Active Directory technical experience that includes the operational support, design, and implementation of large-scale, enterprise level solutions.
· Overarching broad and deep technical experience with Active Directory Security.
· Extensive experience and advanced knowledge in implementing Windows security concepts and policies, least–privilege design principles.
· Experience with managing and troubleshooting the intricacies of AD integrated DNS.
· Advanced PowerShell scripting experience and capabilities.
· Extensive and deep knowledge of Group Policy Objects (GPO’s), engineering and implementation.
· Red Team assessment exposure and interaction.
· Identity and access management; tracking and creating/enforcing policies that govern system access sensitive DCS technology (iFix, Wonderware, Siemens PCS7) resources and information assets.
· Demonstrated ability to identify risks associated with business processes, operations, technology projects and information security programs.
· Ability to function as an Enterprise Identity Management security subject matter expert who can explain complex topics to those without a technical background.
· Ability to troubleshoot Active Directory and familiarity with the NIST cybersecurity framework (for OT) and the Purdue Mode.